| Index: crypto/nss_util.cc | 
| diff --git a/crypto/nss_util.cc b/crypto/nss_util.cc | 
| index 5ee7c320f5c04cc84472d3b43a5cb07ab9346576..cd7bd448d934483a3ec2febdb9a1c4e2f2351c53 100644 | 
| --- a/crypto/nss_util.cc | 
| +++ b/crypto/nss_util.cc | 
| @@ -43,14 +43,13 @@ | 
| #include "base/threading/worker_pool.h" | 
| #include "build/build_config.h" | 
|  | 
| -// USE_NSS means we use NSS for everything crypto-related.  If USE_NSS is not | 
| -// defined, such as on Mac and Windows, we use NSS for SSL only -- we don't | 
| -// use NSS for crypto or certificate verification, and we don't use the NSS | 
| -// certificate and key databases. | 
| -#if defined(USE_NSS) | 
| +// USE_NSS_CERTS means NSS is used for certificates and platform integration. | 
| +// This requires additional support to manage the platform certificate and key | 
| +// stores. | 
| +#if defined(USE_NSS_CERTS) | 
| #include "base/synchronization/lock.h" | 
| #include "crypto/nss_crypto_module_delegate.h" | 
| -#endif  // defined(USE_NSS) | 
| +#endif  // defined(USE_NSS_CERTS) | 
|  | 
| namespace crypto { | 
|  | 
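Review bot: The rewritten header comment above `#if defined(USE_NSS_CERTS)` no longer says what the build does when the macro is absent, which the removed comment did for USE_NSS. The later hunk at `#if !defined(USE_NSS_CERTS)` shows that this case forces `nodb_init = true` and relies on the system certificate store. I would add a line such as `// If USE_NSS_CERTS is not defined, NSS is initialized without a database and the system certificate store is used.` so the trust-store consequence of the build flag stays visible at the top of the file.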
| @@ -80,7 +79,7 @@ std::string GetNSSErrorMessage() { | 
| return result; | 
| } | 
|  | 
| -#if defined(USE_NSS) | 
| +#if defined(USE_NSS_CERTS) | 
| #if !defined(OS_CHROMEOS) | 
| base::FilePath GetDefaultConfigDirectory() { | 
| base::FilePath dir; | 
| @@ -142,8 +141,8 @@ char* PKCS11PasswordFunc(PK11SlotInfo* slot, PRBool retry, void* arg) { | 
| // the NSS environment variable NSS_SDB_USE_CACHE to "yes" to override NSS's | 
| // detection when database_dir is on NFS.  See http://crbug.com/48585. | 
| // | 
| -// TODO(wtc): port this function to other USE_NSS platforms.  It is defined | 
| -// only for OS_LINUX and OS_OPENBSD simply because the statfs structure | 
| +// TODO(wtc): port this function to other USE_NSS_CERTS platforms.  It is | 
| +// defined only for OS_LINUX and OS_OPENBSD simply because the statfs structure | 
| // is OS-specific. | 
| // | 
| // Because this function sets an environment variable it must be run before we | 
| @@ -170,7 +169,7 @@ void UseLocalCacheOfNSSDatabaseIfNFS(const base::FilePath& database_dir) { | 
| } | 
| } | 
|  | 
| -#endif  // defined(USE_NSS) | 
| +#endif  // defined(USE_NSS_CERTS) | 
|  | 
| // A singleton to initialize/deinitialize NSPR. | 
| // Separate from the NSS singleton because we initialize NSPR on the UI thread. | 
| @@ -628,11 +627,11 @@ class NSSInitSingleton { | 
| } | 
| #endif | 
|  | 
| -#if defined(USE_NSS) | 
| +#if defined(USE_NSS_CERTS) | 
| base::Lock* write_lock() { | 
| return &write_lock_; | 
| } | 
| -#endif  // defined(USE_NSS) | 
| +#endif  // defined(USE_NSS_CERTS) | 
|  | 
| // This method is used to force NSS to be initialized without a DB. | 
| // Call this method before NSSInitSingleton() is constructed. | 
| @@ -676,7 +675,7 @@ class NSSInitSingleton { | 
| SECStatus status = SECFailure; | 
| bool nodb_init = force_nodb_init_; | 
|  | 
| -#if !defined(USE_NSS) | 
| +#if !defined(USE_NSS_CERTS) | 
| // Use the system certificate store, so initialize NSS without database. | 
| nodb_init = true; | 
| #endif | 
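Review bot: The negative test `#if !defined(USE_NSS_CERTS)` makes the no-database path the silent default, so a target that still passes only the old `USE_NSS` define would set `nodb_init = true` and compile out the database and root-module setup guarded in the following hunks, with no diagnostic. The build files are not part of this page, so whether every definition site was renamed cannot be checked here. If USE_NSS is being retired rather than kept with a narrower meaning, a guard near the top of the file would catch a stale define: `#if defined(USE_NSS) && !defined(USE_NSS_CERTS)`, `#error "USE_NSS was renamed to USE_NSS_CERTS"`, `#endif`. The enclosing method starts and ends outside this hunk.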
| @@ -691,7 +690,7 @@ class NSSInitSingleton { | 
| root_ = InitDefaultRootCerts(); | 
| #endif  // defined(OS_IOS) | 
| } else { | 
| -#if defined(USE_NSS) | 
| +#if defined(USE_NSS_CERTS) | 
| base::FilePath database_dir = GetInitialConfigDirectory(); | 
| if (!database_dir.empty()) { | 
| // This duplicates the work which should have been done in | 
| @@ -738,7 +737,7 @@ class NSSInitSingleton { | 
| } | 
|  | 
| root_ = InitDefaultRootCerts(); | 
| -#endif  // defined(USE_NSS) | 
| +#endif  // defined(USE_NSS_CERTS) | 
| } | 
|  | 
| // Disable MD5 certificate signatures. (They are disabled by default in | 
| @@ -783,7 +782,7 @@ class NSSInitSingleton { | 
| } | 
| } | 
|  | 
| -#if defined(USE_NSS) || defined(OS_IOS) | 
| +#if defined(USE_NSS_CERTS) || defined(OS_IOS) | 
| // Load nss's built-in root certs. | 
| SECMODModule* InitDefaultRootCerts() { | 
| SECMODModule* root = LoadModule("Root Certs", "libnssckbi.so", NULL); | 
| @@ -856,11 +855,11 @@ class NSSInitSingleton { | 
| ChromeOSUserMap chromeos_user_map_; | 
| ScopedPK11Slot test_system_slot_; | 
| #endif | 
| -#if defined(USE_NSS) | 
| +#if defined(USE_NSS_CERTS) | 
| // TODO(davidben): When https://bugzilla.mozilla.org/show_bug.cgi?id=564011 | 
| // is fixed, we will no longer need the lock. | 
| base::Lock write_lock_; | 
| -#endif  // defined(USE_NSS) | 
| +#endif  // defined(USE_NSS_CERTS) | 
|  | 
| base::ThreadChecker thread_checker_; | 
| }; | 
| @@ -872,7 +871,7 @@ base::LazyInstance<NSSInitSingleton>::Leaky | 
| g_nss_singleton = LAZY_INSTANCE_INITIALIZER; | 
| }  // namespace | 
|  | 
| -#if defined(USE_NSS) | 
| +#if defined(USE_NSS_CERTS) | 
| ScopedPK11Slot OpenSoftwareNSSDB(const base::FilePath& path, | 
| const std::string& description) { | 
| const std::string modspec = | 
| @@ -931,7 +930,7 @@ void DisableNSSForkCheck() { | 
|  | 
| void LoadNSSLibraries() { | 
| // Some NSS libraries are linked dynamically so load them here. | 
| -#if defined(USE_NSS) | 
| +#if defined(USE_NSS_CERTS) | 
| // Try to search for multiple directories to load the libraries. | 
| std::vector<base::FilePath> paths; | 
|  | 
| @@ -980,14 +979,14 @@ void LoadNSSLibraries() { | 
| } else { | 
| LOG(ERROR) << "Failed to load NSS libraries."; | 
| } | 
| -#endif  // defined(USE_NSS) | 
| +#endif  // defined(USE_NSS_CERTS) | 
| } | 
|  | 
| bool CheckNSSVersion(const char* version) { | 
| return !!NSS_VersionCheck(version); | 
| } | 
|  | 
| -#if defined(USE_NSS) | 
| +#if defined(USE_NSS_CERTS) | 
| base::Lock* GetNSSWriteLock() { | 
| return g_nss_singleton.Get().write_lock(); | 
| } | 
| @@ -1013,7 +1012,7 @@ AutoSECMODListReadLock::AutoSECMODListReadLock() | 
| AutoSECMODListReadLock::~AutoSECMODListReadLock() { | 
| SECMOD_ReleaseReadLock(lock_); | 
| } | 
| -#endif  // defined(USE_NSS) | 
| +#endif  // defined(USE_NSS_CERTS) | 
|  | 
| #if defined(OS_CHROMEOS) | 
| ScopedPK11Slot GetSystemNSSKeySlot( | 
|  |